Quantitative analysis of the security performance in wireless LANs

Poonam Jindal

^*

, Brahmjit Singh

National Institute of Technology, Faculty of Electronics and Communication Engineering Department, Deemed University, Kurukshetra 136118, India

Received 2 August 2014; revised 3 November 2014; accepted 9 December 2014 Available online 2 November 2015

KEYWORDS Frame loss;

Roaming network;

Security protocols;

Throughput;

TCP;

UDP

Abstract A comprehensive experimental study to analyze the security performance of a WLAN based on IEEE 802.11 b/g/n standards in various network scenarios is presented in this paper.

By setting-up an experimental testbed we have measured results for a layered security model in terms of throughput, response time, encryption overheads, frame loss and jitter. Through numerical results obtained from the testbed, we have presented quantitative as well as realistic findings for both security mechanisms and network performance. It establishes the fact that there is always a tradeoff between the security strength and the associated network performance. It is observed that the non-roaming network always performs better than the roaming network under all network sce- narios. To analyze the benefits offered by a particular security protocol a relative security strength index model is demonstrated. Further we have presented the statistical analysis of our experimental data. We found that different security protocols have different robustness against mobility. By choosing the robust security protocol, network performance can be improved. The presented anal- ysis is significant and useful with reference to the assessment of the suitability of security protocols for given real time application.

Ó2015 The Authors. Production and hosting by Elsevier B.V. on behalf of King Saud University. This is an open access article under the CC BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/).

1. Introduction

There has been tremendous growth of wireless communication services over the last decade due to their ease of accessibility,

mobility and flexibility. Due to the release of the restrictions of physical boundaries, Wireless Local Area Networks (WLANs) have been extensively deployed worldwide (Ergen, 2002). The universality of these networks ranges from homes, business, online banking, social networking, cafes, military, and research sectors to many more. Due to open access of the shared wireless medium, existing studies reveal that WLANs are susceptible to several attacks such as sniffing, spoofing, eavesdropping, denial of service and man in the middle attack;

hence provisioning of the security in these networks is a major research challenge (Sheldon et al., 2012). Such security issues raise the need of applying strong security mechanisms to pro- tect the information over the network. Consequently, several

* Corresponding author.

E-mail addresses:poonamjindal81@yahoo.co.in,poonamjindal81@

nitkkr.ac.in(P. Jindal),brahmjit.s@gmail.com(B. Singh).

Peer review under responsibility of King Saud University.

Production and hosting by Elsevier

King Saud University

Journal of King Saud University – Computer and Information Sciences

www.ksu.edu.sa www.sciencedirect.com

http://dx.doi.org/10.1016/j.jksuci.2014.12.012

1319-1578Ó2015 The Authors. Production and hosting by Elsevier B.V. on behalf of King Saud University.

This is an open access article under the CC BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/).

security protocols and mechanisms are being developed to enhance the security in WLANs (Feng, 2012).

The implementation of security protocols induce additional cryptographic overheads and further the cumulative effect of the cryptographic overheads with basic impairments of wire- less network results in a severe obstruction in attaining ade- quate quality of service (QoS) (Potlapally et al., 2006; Jindal and Singh, 2013). Although it is certain that security mecha- nisms affect the performance of the network in terms of the resultant throughput, packet loss, response time, jitter, encryp- tion cost, and authentication time (Baghaei et al., 2004; Turab and Moldoveanu, 2008; Boulmalf et al., 2007). Investigations have not been reported anywhere in much detail as to what extent network performance is affected by security protocols in both roaming and non-roaming scenarios with different applications. Therefore, it is imperative to analyze quantita- tively the impact of security protocols on the performance of networks and to study how the QoS degrades in real time net- works with the application of security protocols. As security is a constituent of wireless LAN, good comprehension of its implications on WLAN performance is necessary.

To achieve a secure wireless communication different secu- rity protocols are developed at different network layers. WEP (Wired Equivalent Privacy), WPA (Wi-Fi Protected Access) and WPA2 at MAC layer, IPsec (IP security), SSL (Secure Socket Layer), and RADIUS (Remote access Dial in User Ser- vice) exist at the network layer, transport layer and application layer respectively and are the various security protocols to pre- vent the network from malicious attacks (Vibhuti, 2008;

Lashkari et al., 2009). Most of the previous research has con- centrated on the enhancement of cryptographic mechanisms in security protocols, though they are not quantifying the associ- ated performance degradation due to security protocols in much detail (Peteriya, 2012; Mitchell, 2005).

To achieve the above goal we have developed a real time experimental testbed and performed the comprehensive exper- imental analysis to investigate the performance impact of nine different security protocols including the enterprise security layers. The used testbed is a miniature of existing wireless net- works and ensures the consistency of our experimental scenar- ios with typical deployment of WLANs. We are using the experimental testbed because testbed results not only give nat- uralistic results, but also explore various issues such as com- munication in roaming environment and processing delays in wireless devices that cannot be flawlessly formed in simulation and analytical models. In this work, we report on the compar- ative analysis of the performance impact of different security protocols (SSID, WEP/64/128, WPA/AES, WPA2/AES, and WPA2/AES/TKIP at MAC layer) including security layers with RADIUS server (WPA/AES, WPA2/AES, and WPA2/

AES/TKIP at application layer). We have used our testbed with mobile IP for roaming network. We have made this testbed a heterogeneous network with the help of various hard- ware and mobile devices. Comprehensive experimental analy- sis is carried out in this paper to investigate the performance impact of nine different security policies including the enter- prise security policies in roaming and non-roaming environ- ment. Our obtained experimental results perceive that based upon the network scenario and traffic type, security is always achieved at the cost of network performance. It is observed that very high security protocols are not always a good choice for all network scenarios and also it is found that the stronger

the security protocol, the more are the associated overheads.

Our study aims to address the following issues:

Impact of different security mechanisms on the perfor- mance of wireless LAN (IEEE 802.11b/g/n).

Impact of congested and uncongested network on the per- formance of secure WLAN.

Impact of different packet lengths on the performance of secure WLAN.

Network performance under TCP and UDP traffic streams.

Security performance in non-roaming and roaming scenarios.

Furthermore, security strength of various protocols is ana- lyzed using a relative security strength index model (RSSI) (Luo et al., 2009). It is always presumed that the more the number of security mechanisms or security services provided by any protocol, more is the protocol strength. On evaluating the security strength using RSSI it is observed that the stronger the security service provided by security algorithm the stronger will be the security protocol. A detailed view of the benefits offered by a particular security protocol is provided by the RSSI model that helps the system designers to choose a secu- rity protocol with the desired strength. The security perfor- mance observed through experimental analysis validates our results obtained from the RSSI model. Further a descriptive statistical analysis is performed to analyze the robustness related with each security protocol. It is revealed that each security protocol varies in robustness against mobility. Analy- sis of variance is performed and it is found that all the network scenarios and performance metrics taken under consideration are significant. All the factors (security protocols, traffic type, and network load) affect the performance of wireless networks.

Our experimental results provide a wide quantitative vision of the impact of various security protocols on network perfor- mance. Including this, our analysis is useful in understanding the applicability of security protocols in real time applications and design challenges of future security protocols.

The remainder of the paper is organized as follows. Existing studies are discussed in Section2. A brief summary of WLAN standard and WLAN security protocols is described in Sec- tions3 and 4respectively. Section5details the experimental testbed along with different security layers and the system modeling considered in the testbed. A RSSI model is presented in Section6. Performance metrics under consideration is dis- cussed in Section7. Numerical results for different security lay- ers in different network environments are explained in Section8. Statistical analysis is done in Section9. Conclusion is drawn in Section10.

2. Related work

To determine the realistic view of the performance impact of security mechanisms, measurements play an important role.

Therefore to gain the fundamental understanding of the impact of various security mechanisms on the network perfor- mance, a number of research papers have appeared in the lit- erature reporting the security performance of IEEE 802.11b/g based wireless local area networks. In (Baghaei et al., 2004) authors have performed throughput and response time analy- sis for IEEE 802.11b wireless LAN in a non-roaming environ- ment. It was found that the stronger the security mechanism

the more is the performance degradation. An experimental study to analyze the performance overheads associated by different security protocols was done by authors in (Nayak et al., 2005; Agarwal and Wang, 2007) for IEEE 802.11b/g based network. Further in (Begh et al., 2009; Ahmad et al., 2012), impact of security protocols on the performance of TCP and UDP traffic streams has been analyzed and was found that security protocols negatively affect the network performance. A more detailed analysis to study the security performance on IEEE 802.11g based wireless network by inte- grating cross layer security protocols was demonstrated in (Agarwal and Wang, 2007). Another experiment was per- formed in (Vibhuti, 2008) to calculate the security impact on end-to-end delay and packet delivery fractions. The impact of cryptographic primitives used in WEP and WPA on throughput and delay over WLAN IEEE 802.11g was investi- gated in (Boulmalf et al., 2007). The performance impact of secure IEEE 802.11g WLAN using Open VPN is done in (Likhar and Yadav, 2011). Experiments were performed on a wireless test-bed to analyze throughput, delay and jitter for four security settings: disabled security, WEP, WPA1, and WAP2 for multimedia applications in (Hayajneh et al., 2012). WPA2 security-bandwidth trade-off in 802.11n WLAN for IPv4 and IPv6 using different operating systems is studied in (Kolahi et al., 2012). Impact of transmission power on the performance of secure IEEE 802.11n wireless local area net- work was reported in (Singh and Jindal, 2014a,b). The avail- able literature revealed that a number of researchers have carried out numerous experiments to quantify the security per- formance but with several limitations. Firstly the past researches have focused on the improvement of cryptographic aspects of security mechanisms in a small range of network scenarios (Begh et al., 2009). Secondly the previous work brings out the qualitative analysis and does not provide the complete quantitative results in terms of QoS and encryption cost (Hayajneh et al., 2012; Ahmad et al., 2012). The literature survey reveals that most of the research has focused on quali- tative security performance of IEEE 802.11b and IEEE 802.11g standards but not considering IEEE 802.11n (Likhar and Yadav, 2011). Also the impact of different implementa- tions of enterprise security layers on the performance of wire- less LAN has not been taken much into consideration in the previous work. The past research was carried out to explore the pros and cons of individual security protocols, but security protocols exist at different network layers (Nayak et al., 2005;

Begh et al., 2009; Hayajneh et al., 2012; Ahmad et al., 2012;

Likhar and Yadav, 2011; Bhatia et al., 2013; Agarwal and Wang, 2007). It is certain and instinctive to study the effects of security protocols in a cross layer architecture. We aim to

provide comparative experimental analysis to study the impact of security mechanisms on the performance of IEEE 802.11b/

g/n standard in a variety of network scenarios at different packet lengths.

3. IEEE 802.11 WLAN standards

WLANs based on IEEE 802.11 standard have been extensively deployed worldwide for information access through wireless medium. However, the communication being in broadcast mode is highly vulnerable to security threats. It is therefore of utmost importance to analyze the security performance of wireless networks based on different versions of the IEEE 802.11 standard. In this section, we briefly introduce different IEEE 802.11 standards.

Institute of Electrical and Electronics Engineers (IEEE) has developed 802.11 and 802.11x, referred to as a group of stan- dards/specifications for WLANs (Bhoyar et al., 2013). The standard IEEE 802.11 specifies an over-the-air interface between a wireless client and an access point or between two or more wireless clients. These WLAN standards were devel- oped with the focus of increasing transmission speeds, range, improving QoS, and adding new amendments. All the amend- ments made in the specifications define the maximum speed of operation, the radio frequency band of operation, encoding of the data for transmission, and the characteristics of the trans- mitter and receiver. A number of versions of the standards have been developed including, IEEE 802.11a, IEEE 802.11b, IEEE 802.11e, IEEE 802.11f IEEE 802.11g, IEEE 802.11h, IEEE 802.11i, IEEE 802.11j, IEEE 802.11k, IEEE 802.11n, IEEE 802.11s, IEEE 802.11ac, IEEE 802.11ad and IEEE 802.11f. However, the most widely used standards are 802.11b, 802.11g, and 802.11n and 802.11i (security proto- col). These network bearer standards operate in ISM (Indus- trial, Scientific and Medical) frequency bands. The band being license-exempt makes it economical and easy to deploy technology for common use. The respective features of these standards are shown inTable 1.

4. WLAN security protocols

To protect the wireless network from illegitimate users and to achieve data confidentiality, integrity and authentication, var- ious WLAN security protocols were developed (Liu et al., 2010). The most popularly adopted security protocols are:

Wired Equivalent Privacy (WEP):WEP was the first secu- rity protocol developed to obtain security equivalent to the wired network. It provides data privacy using RC4 encryption

Table 1 WLAN standards.

Standards Features Publishing year

Data rate (Mbps)

Operating frequency (GHz)

Modulation used Compatibility

IEEE 802.11b 1999 5.5–11 2.4 Complementary code keying (CCK), Direct sequence spread spectrum (DSSS)

Backward compatible with IEEE 802.11a

IEEE 802.11g 2003 54 2.4 Orthogonal frequency division multiplexing (OFDM)

Backward compatible with IEEE 802.11b

IEEE 802.11n 2009 600 2.4 and 5 (CCK, OFDM or DSSS Additional feature of MIMO)

Backward compatible with IEEE 802.11b/g

with 64/128 bit key, initialization vector and integrity check value (ICV) and provide confidentiality, simple integrity and shared key authentication. The weak implementation of RC4 and the proliferation of readily available hacking tools led to WEP being insecure and also not popular for enterprise wide distributed processing environments.

Wi-Fi Protected Access (WPA)is a security protocol that removes almost all the vulnerabilities of WEP. It is also known as WPA personal. WPA uses RC4 encryption along with tem- poral key integrity protocol (TKIP) which includes message integrity check, initialization vector (IV), key mixing and key management algorithms. Since security mechanisms associated with WPA are more, hence it provides confidentiality and authentication (based on 802.1x and EAP) with enhanced strength as compared to WEP. WPA is intended to work with existing 802.11-based products and offers forward compatibil- ity with 802.11i (security standard).

WPA2is an enhanced version of WPA where AES is used as an encryption algorithm. It is also known as WPA2 per- sonal. Like WPA, WPA2 use 802.1x based authentication. It also includes a Robust Security Network Association (RSNA). RSNA provides two protocols TKIP and AES- CCMP (Counter Mode CBC MAC protocol) for data confi- dentiality. WPA2 uses key lengths of 128,192, 256 along with dynamic key distribution. Altogether these protocols deliver improved confidentiality, data integrity and authentication as compared to WPA.

5. Experimental testbed

In order to study the impact of different security layers on the performance of WLAN in different network scenarios, an experimental testbed is developed in a roaming and non- roaming environment while considering the users mobility.

In this section hardware and software configuration of the experimental testbed, which is miniature of WLAN is illus- trated. Although we have shown a simple WLAN architecture;

with the use of different hardware and software configurations, a heterogeneous environment can be created that captures the mobile aspects of WLANs. The existing testbed offers itself to be mapped to large scale wireless networks. We have also performed a comparative analysis of the performance in non-roaming and roaming WLAN scenarios. The two network scenarios and the corresponding hardware and software configurations, security protocols used in the setup are as discussed below:

5.1. Non-roaming network scenario (NR)

Non-roaming network scenario, represented as NRS, deals with the situation when mobile node (MN) (a wireless node)

is communicating with its home agent (HA) (a server who is giving services to client) in the network and the communica- tion path is wireless. This scenario aims to study the impact of security layers only in one domain when nodes are commu- nicating over a secure network. Experimental architecture and used hardware and software configurations for non-roaming network are shown inFig. 1andTable 2respectively.

5.2. Roaming network scenario (RS)

The roaming scenario, represented asRSdeals with the situa- tion when any of the communication mobile users is in a for- eign domain. In our testbed we have taken roaming scenario as, a client (A) from its home network is moving in the foreign network and gets connected with AP in the foreign network and is communicating with HA which is an application server (A) in the home network. Experimental architecture and used hardware and software configurations for non-roaming net- work are shown inFig. 2andTable 3respectively.

Server: 192.168.1.10 Cisco Access Point WAP4140n Client 1:192.168.1.20 192.168.1.245

RJ-45 Cable

Figure 1 Experimental test-bed design for non-roaming wireless LAN.

Table 2 Network configurations in a non-roaming network scenario.

Network configuration in non-roaming network scenario Hardware

configuration

- A server (Window server 2008 with 3.20 GHz processor, 4 GB RAM was used as a RADIUS server)

- A client (Windows 7 professional, I3 second generation processor, 3.2 GHz, 4 MB of RAM)

- An access point (Cisco WAP4140n) - RJ45 Ethernet cable for wired connectivity - The experiments were based on windows 7

(both clients and server) as it has built in implementation of 802.1x authentication protocol

Software configuration

-The Etherealis a packet analyzer and is used to capture live network statistics and mea- surements were obtained from the server (Ethereal,http://www.ethereal.com/) -IP Traffic Generatoris windows based soft-

ware testing tool designed for both fixed and wireless networks that can run on any system with windows 98, 2000 or XP window 7. It can generate, receive, capture, replay IP traffic, measure end-to-end performance and quality of service over any fixed or mobile network. (IP traffic,www.zti-telecom.com/) -RADIUSserver functionality is provided by

FreeRadius and is installed on all machines (RADIUS,http://www.freeradius.org)

5.3. Security policies

Experiments are performed on a layered security model. Per- formance analysis with nine security layers is carried out. First six security layers are; SSID (no security layer), WEP/64 (WEP used with 64 bit key), WEP/128 (WEP used with 128 bit key), WPA/AES (WPA used with Advanced Encryption Standard algorithm), WPA2/AES (WPA2 used with AES encryption algorithm), WPA2/AES/TKIP (WPA2 mixed with both AES and TKIP). These are MAC layer security protocols and pro- vide confidentiality, integrity and authentication and are con- sistent with IEEE 802.11 standard (Holt and Huang, 2010).

Security layers from 7 to 9 are enterprise security layers;

WPA/AES Enterprise, WPA2/AES Enterprise, WPA2/AES/

TKIP Enterprise (in all the cases authentication is performed using RADIUS server) and exist at the application layer, which make use of the RADIUS (Remote Authentication Dial in User Service) server. It provides advanced authentication through digital signatures and provides more security as com- pared to layer 1-6.Table 4shows the security protocols and their associated security services. We have studied these nine security protocols because of their prevalent use in many net- works for security provisioning.

5.4. System modeling

To carry out experimental analysis we have selected different system parameters. Table 5 presents the system parameters selected for system modeling during the experiments.

6. Relative security strength index (RSSI)

To analyze the security strength offered by various security protocols is known to be one of the most challenging issues.

A simple measurement for the analysis of security strength referred to as relative security strength index is presented in this section. All the security protocols including WEP, WPA, WPA2, make use of different encryption and authentication mechanisms and offer security services, like confidentiality, integrity, access control, authentication, mutual authentication

Figure 2 Experimental test-bed design for roaming wireless LAN.

Table 3 Network configuration in a roaming network scenario.

Network configuration used in roaming network scenario Hardware

configuration

- A mobile node is a wireless node, which is able to change its position

- The test bed is placed in two subnets including four laptops (HP laptops (dual 2 core proces- sor 2.4 GHz), HCl laptops (dual 2 core proces- sor 2.4 GHz), HCl laptop with i3 processor 2.4 GHZ)

- Two access points (Cisco WAP4140n) to con- figure a traditional client/server architecture in a wireless connection

- A switch (D-Link) to provide connectivity between subnets

- RJ-45 cable for connectivity between switch, access points and a server

- Two laptops with one configured as a server (Home Agent (HA)) and the other as a client (A) in a home network. Third laptop config- ured as a server station (Foreign Agent (FA)) and the fourth as a client (B) in a foreign network

Software configuration

Software installed in the server and client machines used in roaming scenarios are similar to the one used in non-roaming network scenarios

and non-repudiation. On the basis of security services provided by a security protocol in the network, it is very difficult to make any statement on the strength of the security protocol.

For example, a security protocol SP₁ is having features of integrity and non-repudiation (2 features) and another proto- col SP2 is having features of confidentiality, access control, authentication (3 features but weak as compared to SP₁). On the comparison of SP1and SP2with respect to 2 strong secu- rity services of SP₁ it can be deduced that SP₁ gives more strength as compared to SP2. Similarly on the comparison of both protocols SP₁and SP₂, on the basis of the features not present in SP1 but present in SP2, the same deductions may be reached. We will interpret that SP2 is stronger than SP1. Hence, it is not an easy task to quantify the absolute dissimi- larities between the strength of the two protocols. The confir- mation of which one is the better security protocol between the two protocols depends upon several parameters like ‘what are the network requirements?’, ‘which security protocol and fea- tures are enabled in the network?’ Various studies have been reported in the past to define the quality of protection of a sys- tem (QoP). Different security models to evaluate the QoP of a system are discussed in (Luo et al., 2009; Chen et al., 2011) and

it is found that it is very hard to differentiate the strength offered by two protocols with similar status.

Another approach to analyze the security strength of VoIP is shown in (Casola et al., 2005). In this method weights are assigned to each security feature and are framed in a matrix form. It is observed that though this matrix approach is effi- cient but incurs more processing time and power consumption.

For the analysis of mobile multimedia applications a different framework is given in (Ong et al., 2003) which defines QoP parameters. A similar study to analyze the security strength provided by various security protocols is demonstrated in (Agarwal and Wang, 2007), where security strength is evalu- ated by defining utility function and reward model and obtained the cumulative strength offered by security protocols.

In this paper the same approach as described by the author in (Agarwal and Wang, 2007) is adopted to quantify the security strength provided by security protocols. In this paper, we ana- lyze the security strength by measuring RSSI, which is deter- mined by utilizing associated weights derived from the security services offered by each protocol.

To measure RSSI the first step includes weight assignment.

Weights are assigned in a manner such that when two security protocols provide the same number of security features, higher weights are assigned to the protocol with stronger security fea- tures. It ensures that the protocol with stronger security ser- vices is given a higher security strength index relative to security protocols with weak strength. Security index defined in the past (Agarwal and Wang, 2007) quantified different ranges of security protocols as compared to the protocols pre- sented in this paper. So to accommodate security protocols used in this paper, weight assignment is done on the basis of the strength of associated security services of these protocols which in turn depends upon the parameters like length of key used, hash functions, message authentication code, digital signatures and so on. This weight assignment only gives com- parative strength of one protocol with respect to another but not the absolute strength measurement. It can be illustrated as, if two distinct mechanisms supply the same service of integ- rity but are assigned weights of 3 and 2 respectively, it doesn’t mean that the service with weight 3 is 3 times stronger than the service with weight 2. It simply infers that the service with weight 3 has more strength as compared to service with weight 2. The weights assigned to each security service associated with each security protocol are shown inTable 6and weight assign- ment criteria is detailed below:

Service set identifier (SSID):is a network identifier number and is usually broadcasted by access point (AP) so that a sta- tion (STA) can access the network. SSID does not provide any Table 4 Security protocols implemented on the testbed.

Security protocols Confidentiality Authentication Integrity Mutual authentication Non-repudiation

P1 SSID – – – – –

P2 WEP/64 U U U – –

P3 WEP/128 U U U – –

P4 WPA/AES U U U U –

P5 WPA2/AES U U U U –

P6 WPA2/AES/TKIP U U U U –

P7 WPA/AES/RADIUS U U U U U

P8 WPA2/AES/RADIUS U U U U U

P9 WPA2/AES/TKIP/RADIUS U U U U U

Table 5 Security protocols implemented on the testbed.

System parameters

Bandwidth For IEEE 802.11b/g/n the nominal bandwidths are 11 Mbps/54 Mbps/72 Mbps respectively For IEEE 802.11b, 12 Mbps for congested and 5 Mbps for uncongested network

For IEEE 802.11g, 55 Mbps for congested and 30 Mbps for uncongested network

For IEEE 802.11n, 75 Mbps for congested and 50 Mbps for uncongested network

Traffic type TCP and UDP traffic streams Packet length 500, 1000, 1500, and 2000 bytes Total number of

packets

The choice of number of packets did not affect the performance observed in the results. Thus we have selected this parameter as 0. As long as our session is ‘on’, packets are transmitted continuously

Traffic generation

IP traffic generator tool has been used to generate WLAN traffic. IP packets are transferred in a predefined number, size, content and bandwidth in order to measure the performance impact of security algorithms in the wireless LAN

security and is known to be a ‘No Security’ layer. No security features are provided by SSID, hence no weights are assigned to any feature in SSID.

Wired Equivalent Privacy (WEP):WEP/64/128is used in our experimental testbed. WEP/128 employs a 128 bit key which provides more strong confidentiality as compared to WEP/64 due to long key. So weights assigned to WEP/64 are lowest as compared to other protocols and weight values assigned to WEP/128 have higher values as compared to WEP/64.

Wi-Fi Protected Access (WPA): In the experimental testbed WPA is used with TKIP disabled and Advanced Encryption Standard (AES) (as it is optional in WPA) enabled (WPA/AES). Since security mechanisms associated with WPA/

AES are more, it provides confidentiality and authentication (based on 802.1x and EAP) with enhanced strength as com- pared to WEP. The security features are assigned with more weight values as compared to WEP/64/128.

WPA2:WPA2 is used in two ways one with TKIP disabled and Advanced Encryption Standard (AES) (as it is optional in WPA) enabled (WPA2/AES), and another when both TKIP and AES are enabled(WPA2/AES/TKIP).Mechanisms used in WPA2/AES are more in number and strong enough as com- pared to WPA/AES and WEP, so weights assigned to the secu- rity features associated with WPA2/AES are higher than WPA/AES. WPA2/AES/TKIP is using a number of mecha- nisms even more than WPA2/AES, resulting in higher weight values.

WPA and WPA2are also used with RADIUS server and are called as enterprise security layers. WPA/AES and WPA2/AES explained above are not making use of Radius server to hold per user key. It is generally used in large net- works to control the individual access. It supports all the fea- tures of WPA/AES and WPA2/AES personal thus providing the same security features. Including this, digital certificates are used in the RADIUS server to authenticate each user, hence enhancing the strength of the protocol. Based on the security mechanisms used (as discussed above for WPA/AES and WPA2/AES) along with digital signatures, weights are assigned as shown in Table 6. Similarly WPA2 is used with both AES and TKIP enabled along with the RADIUS server and provides the maximum number of strong security features and the weights assigned to the associated features are having highest value.

After weight assignment, the second step during the mea- surement of RSSI is to find out the cumulative effect of all the security features provided by the individual protocol or

hybrid protocol (WPA/TKIP/AES). The cumulative effect of security services associated with security protocols is evaluated by finding the linear sum of the weights associated security services. Weights are obtained as defined in the step one. With the assumption that a security protocol SPx is having N security mechanisms then Relative security strength (RSSI) is measured as:

RSSIðSP_xÞ ¼X^N

n¼1

w_A^js_Aþw_C^js_Cþw_I^js_Iþw_MA^j s_MAþw_NR^j s_NR ð1Þ

where,w_A^j is the assigned weight of an algorithm on authenti- cation,w_C^j is the assigned weight of an algorithm on confiden- tiality,w_I^j is the assigned weight of an algorithm on integrity, w_MA^j is the assigned weight of an algorithm on mutual authen- tication and w_NR^j is the assigned weight of an algorithm on non-repudiation. S _(.)is a service function that indicates if a particular security service is supplied by the algorithm j or not. If yes then its value is 1 otherwise zero. Now if RSSI of security protocol P9 (WPA2/TKIP/AES/RADIUS) is evalu- ated, the weights with all the security services given inTable 6 arew_A^j ¼3,w_C^j ¼3,w_I^j¼2:5,w_MA^j ¼3:5,w_NR^j ¼2 and service function S(A)= 1, S(C)= 1, S(I)= 1, S(MA)= 1, S(NR)= 1 (represents that all the security features are provided by secu- rity protocol). RSSI value for security protocol P9 is 3 * 1 + 3 * 1 + 2.5 * 1 + 3.5 * 1 + 2 * 1 = 14 (highest value).

Similarly RSSI for P2= 0.5 * 1 + 0.5 * 1 = 0.5 * 1 + 0 + 0 = 1.5 and for P₁= 0 (lowest value). To study the security strength of various protocols comparative analysis is done by normalizing RSSI values of all the protocols on the basis of the highest value of P₉and actual RSSI value and normalized values are tabulated inTable 7. From the obtained RSSI val- ues it is observed that the security protocol with stronger secu- rity services is obtaining the highest security strength value.

Security protocols P_4–6are having the same number of security features but have variable RSSI values based on the strength of security services provided by security protocols. Hence the RSSI model maps the security strength to a quantifiable numerical value and provides a clear view of the security strength provided by each protocol. Thus by looking into these security strength values provided by each protocol, application users or designers can access the security protocol and then make the decision if a particular protocol meets their require- ments or not.

Table 6 Weights assigned to the implemented security protocols.

Security service Confidentiality (wC) Integrity (wI) Authentication (wA) Mutual authentication (wMA) Non repudiation (wNR)

P1 – – – – –

P2 0.5 0.5 0.5 – –

P3 1 0.5 0.5 – –

P4 1.5 1 1 1 –

P5 2 1.5 1.5 2 –

P6 2.5 2 2 2.5 –

P7 2 1.5 1.5 1.5 1

P8 2.5 2 2 2.5 1.5

P9 3 2.5 2.5 3 2

7. Performance metrics

We have measured the performance of wireless local area network in terms of throughput, response time, encryption overheads, jitter, and frame loss. These parameters can be defined as:

(a) Throughput (TP) (Megabits/s): is the measure of total number of bytes transmitted over the network in a given time. TP is measured as follows:

TP¼ I

TlðPxÞ TfðPxÞ ð2Þ

where,Iis the total amount of data exchanged between two participating nodes.T_lðP_xÞandT_fðP_xÞrepresent the last and first data packet sent per unit time between the sender and receiver with security protocolðP_xÞ. (b) Response Time (RT) (msec): is defined as the total time

required for the data stream to travel between two points which includes connection establishment and security negotiation time. We have measured the response time between the server (server is sending the traffic) and the access point. RT is calculated as the time interval between the moment the server sends a traffic stream to access point and the moment the access point acknowledges the server under various conditions. The obtained numerical values are measured in milliseconds.

(c) Encryption overheads:on configuring different security protocols into the network, it has been found that differ- ent security protocols have different impacts on the per- formance of wireless networks. We have analyzed the overheads associated with each security layer. Over- heads incurred by each security layer have been evalu- ated as follows (Hayajneh et al., 2012):

Let P1denote the security layer with almost zero security level. Overheads caused by this layer are zero and thus this

‘No Security’ layer is used to compare the other security pro- tocols with some security level.Pxdenotes the security policy with some security level (with some encryption and authentica- tion operations) wherex= {1, 2, 3. . .. . ..9}.

T^s(n,P_x) is the time required to process thenth packet by a senderiwith security policyPx.

T^r(n,P_x) is the time required to process the n^thpacket by a receiverjwith security policyPx.

T^t(n,Px) is the time taken by thenth packet to travel in the network between the sender and the receiver with security pol- icyPx.

Total time taken in the processing of thenth packet to tra- vel between the sender and the receiver with security policyPx

is represented byT(n,P_x) and is equal to

Tðn;PxÞ ¼T^sðn;PxÞ þT^rðn;PxÞ þT^tðn;PxÞ ð3Þ Assume thatKpackets have been sent from clientito client j. Therefore the total time required for processingKpackets between clients using security policiesP_xis represented as a sum of time involved in processing allKpackets:

X^k

n¼1

ðTðn;PXÞÞ ¼X^k

n¼1

ðT^Sðn;PXÞ þT^rðn;PXÞ þT^tðn;PXÞÞ ð4Þ

If we assume that the size of thenth packet islnbits, and then the total number of bits inkpackets, denoted byB_k, is:

Bk¼X^k

n¼1

ln ð5Þ

Using Eqs.(2) and (3), bit rate with security policiesPxcan be represented as:

BRðPXÞ

¼ Bk

Pk

n¼1ðTðn;P_XÞÞ ¼Pk

n¼1ðT^Sðn;P_XÞ þT^rðn;P_XÞ þT^tðn;P_XÞÞ ð6Þ where BR (Px) denotes the bit rate (bits/s), that can be obtained with each security policyP_x.

BRðP1Þ

¼ Bk

Pk

n¼1ðTðn;P₁ÞÞ ¼Pk

n¼1ðT^Sðn;P₁Þ þT^rðn;P₁Þ þT^tðn;P₁ÞÞ ð7Þ whereBR(P1) is the bit rate (bits/s), achieved by configuring the security policy with zero security levelP₁.

Now assume thatOðPXÞ refers the encryption overheads associated with different security policiesðP_XÞand is defined as the difference between the bit rate for security layersðPXÞ andðP₁Þ. Encryption overheadsOðP_XÞcan be calculated as:

OðP_XÞ ¼BRðP_XÞ BRðP₁Þ ð8Þ (d) Jitter (J) (msec): is the measure of variation in the time between the data packets caused by the network.

(e) Frame Loss (FL): is the measure of loss of the data frames, that is, frame transmitted over the wireless network but not received at the destination. Frame loss is measured as

%Frame Loss¼LoadðMbpsÞ through put across the load LoadðMbpsÞ

ð9Þ 8. Experimental results and analysis

Experimental results are obtained for analyzing the impact of security protocols on the performance of wireless networks in a class of network scenarios for three IEEE 802.11b/g/n stan- dards. Experiments are performed in both roaming and non-roaming environments. A total of nine security protocols are implemented over the testbed. Detailed specifications/

Table 7 Normalized RSSI values.

Security protocols Actual RSSI (Px)

Normalized RSSI

P1SSID 0 0

P2WEP/64 1.5 11.5

P3WEP/128 2 15.3

P4WPA/AES 4.5 34.6

P5WPA2/AES 7 53.8

P6WPA2/AES/TKIP 9 69.2

P7WPA/AES/RADIUS 7.5 57.6

P8WPA2/AES/RADIUS 11.5 88.4

P9WPA2/AES/TKIP/

RADIUS

13 100

parameters settings of traffic generator, system configurations, Flow rates for congested and uncongested networks, two dif- ferent traffic streams, packet number, and packet length used during the experiment is mentioned in Section5. Performance metrics as defined in Section7has been used for the evaluation of the security performance of a secure wireless local area net- work. First set of experiment was performed for analyzing the security performance of IEEE 802.11b/g/n WLAN standards in the roaming environment. Second set of experiment was per- formed in non-roaming environment. Though we have per- formed experiments for all the network scenarios with different packet lengths for the sake of simplicity and due to space constraints we have presented elaborate results for the TCP congested network with 1000 bytes of packet length.

However similar trends are observed in all network scenarios.

8.1. Throughput analysis in the roaming scenario

Experiments were performed to study the impact of security protocols on the throughput of IEEE 802.11b/g/n WLAN standards in the roaming network in different network scenar- ios. The obtained experimental results are elaborated below.

8.1.1. Throughput measurement on the basis of applied security protocol

Variation in the throughput in response to the particular secu- rity protocol in roaming scenario for three standards IEEE 802.11b/g/n is shown inFig. 3. For IEEE 802.11b and IEEE 802.11g the data rate was set to 12 Mbps and 55 Mbps respec- tively. It is observed that different security protocols have dif- ferent impacts on the throughput of the network. As shown in Fig. 3throughput is highest for Service set identification (SSID (P1)), which is known to be a ‘No Security’ layer as it provides almost zero level of security. P₁is also used as a reference for comparison with other security protocols. It is observed that on increasing the complexity of security mechanisms, through- put decreases significantly. Taking average of all the nine pro- tocols P1–9it is found that throughput decreases by 2.36% and 1.36% in IEEE 802.11b and IEEE 802.11g respectively. This throughput degradation is due to an increase in computations of the security protocols, which in turn consume more system resources. As discussed above in Section5.3experiments are performed for security protocols at the MAC layer (P_1–6) and the Application layer (enterprise security P7–9). From the obtained numerical results, it is demonstrated that throughput degradation with P7–9 is more than P1–6. It is due to an

increased number of messages in the authentication phase.

These obtained numerical values however confirmed the gen- eral trends reported in (Baghaei et al., 2004; Turab and Moldoveanu, 2008; Boulmalf et al., 2007).

It is verified from the throughput analysis of two IEEE 802.11b/g standards that the stronger the security mechanism the more is the throughput degradation. But throughput results for IEEE 802.11n (75 Mbps) are dispelling these observations.

As shown inFig. 3it is depicted that throughput degradation with protocols P2–3(WEP64/128) is approx. 55% higher than that of P_{1, 4-9}, though these are the security protocols with less complexity. This is due to the fact that IEEE 802.11n requires AES to be enabled on its WLAN used by its client but the WEP protocol uses RC4 encryption instead of AES. It pro- hibits the use of high throughput with WEP and drop data rates to 54Mbps as reported in (http://www.intel.com/support/wire- less/wlan). From security protocols P1, 4–9 (P4, WPA/AES) throughput decreased to about 1.31% with an increase in the security strength of protocols, also throughput degradation of P_7-9is more than that of P_4–6but less than P_2–3.

8.1.2. Throughput on the basis of congested and uncongested network

Experiments are performed to analyze the impact of security protocols on the throughput of network in both congested and uncongested networks by selecting the data rates for access point as 11 Mbps, 54 Mbps and 72 Mbps for IEEE 802.11b/g/n respectively. The obtained experimental results are shown in Fig. 4(a–c). For IEEE 802.11b uncongested and congested networks the traffic was generated at a rate of 5 Mbps and 12 Mbps respectively. The obtained experimental numerical values for uncongested and congested IEEE 802.11b with TCP traffic streams are plotted inFig. 4(a). It is revealed that for the uncongested network the maximum throughput obtained for P₁is 6.31 Mbps, which is close to its data flow value. Thereafter throughput decreased gradually depending upon the complexity of the implemented security protocols (P1–9), where as in the congested network throughput obtained for P1is 6.19 Mbps, very low as compared to its traffic flow value (12 Mbps). Throughput degradation in the TCP con- gested network is 1.7% higher than the TCP uncongested net- work Fig. 4(a). From the obtained numerical values it is depicted that throughput in the congested network is less as compared to the uncongested network and this is due to the congestion caused in the network by high traffic generation rates. There is not enough bandwidth available in the network

Figure 3 Impact of security protocols on throughput.

and packets can be dropped at the access point. Further throughput decreased significantly with an increase in the strength of the implemented protocol. The traffic was gener- ated at a rate of 30 Mbps and 55 Mbps to make the network uncongested and congested respectively in IEEE 802.11g net- work. For security protocol P1maximum throughput obtained for the TCP uncongested network is 24.2 Mbps and through- put obtained for the TCP congested network is 23.37 Mbps.

From the obtained numerical values it is depicted that throughput for the TCP uncongested network is higher than the congested network. Experimental results plotted inFig. 4 (b) demonstrate that average throughput degradation in the TCP congested network is 2.7% more than the TCP uncon- gested network. In IEEE 802.11n based network the traffic was generated at a rate of 50 Mbps and 75 Mbps to make the network uncongested and congested respectively. From the experimental results plotted inFig. 4(c) it is depicted that average throughput decreased about 2.01% for security proto- cols P_{1, 4–9}in the TCP congested network as compared to the TCP uncongested network. For security protocols P2–3, similar trends are obtained as described in Section8.1.1, throughput degradation is maximum for P2–3.

8.1.3. Throughput with variable packet length

Experiments are performed to study the impact of different packet lengths (500/1000/1500/2000 bytes) on the throughput of secure wireless network in three WLAN standards IEEE 802.11b/g/n in roaming scenarios. The obtained experimental values are plotted inFigs. 5–7. Throughput plots with different packet lengths for IEEE 802.11b in different network scenarios for all the security protocols are shown inFig. 5(a, b). Average throughput increased to about 4.01% with an increase in packet length for TCP in the congested network whereas throughput increased to about 4.1% for the UDP congested network with an increase in packet length. Experimental results are obtained for the IEEE 802.11g network, in the sim-

ilar manner as for IEEE 802.11b WLAN network. Obtained experimental numerical values are plotted inFig. 6(a, b). From the obtained numerical values it is demonstrated that with increase in packet length throughput increased by 1.2% and 2.6% in TCP and UDP congested networks respectively.

Throughput increased to about 1.3% and 2.4% for TCP and UDP congested networks respectively with an increase in packet length in IEEE 802.11n WLAN as given inFig. 7(a, b).

8.1.4. Throughput with TCP and UDP traffic streams

Experiments are performed to study the impact of traffic streams on the throughput of a secure wireless network in three WLAN standards IEEE 802.11b/g/n and the obtained experimental results are plotted inFig. 8(a–c). In the uncon- gested network TCP throughput is 11.6%, 42.8% and 44%

more than that of UDP throughput whereas in the congested network TCP throughput is 2.9%, 6.01% and 4.4% more than UDP throughput averaged over the security layers P_1–9 for IEEE 802.11b, IEEE 802.11g and IEEE 802.11n WLAN respectively. It is due to the fact that TCP is associated with retransmission of the packets, lost due to congestion and error.

Percentage throughput variation averaging over the nine secu- rity protocols with all the network scenarios in three WLAN standards is shown inTable 8.

8.2. Response time in roaming scenario

Next set of experiments was performed to study the impact of security protocols on the Response time of IEEE 802.11b/g/n WLAN standards in the roaming network in different network scenarios. Response time (RT) is defined as the total time required for the data stream to travel between two points which includes connection establishment and security negotia- tion time. We have also investigated how the quality of wire- less link affects the response time of secure WLAN. We have measured the response time between the server (server is Figure 4 Throughput in roaming scenario IEEE 802.11n network with TCP uncongested and congested (a) IEEE 802.11b, (b) IEEE 802.11g (c) IEEE 802.11n.

sending the traffic) and the access point, and is defined as the time interval between the moment the server sends a traffic stream to the access point and the moment the access point acknowledge the server under various conditions. The obtained numerical values are measured in milliseconds. The obtained experimental results are elaborated below:

8.2.1. Response Time measurement on the basis of applied security policy

Response time variation in response to the particular security policy in the roaming scenario for three standards- IEEE 802.11b/g/n is shown in Fig. 9. It is depicted that different security policies differ from each other in their impact on response time of the network. Response time is lowest for secu- rity layer SSID (P1). With an increase in complexity of security mechanisms and the time involved in initial negotiation during the authentication phase, response time increases significantly as shown inFig. 9. It is observed that on average response time increased by 1.8% and 1.32% from the security layers P_1-9for IEEE 802.11b and IEEE 802.11g respectively. For IEEE 802.11n response time for protocols P_2-3 (WEP64/128) is

approx. 48% higher than that of its no security layer. Average increase in RT for security protocols P_{1, 4-9}is 1.6%.

8.2.2. Response Time on the basis of congested and uncongested network

Experiments are performed to analyze the impact of security protocols on the response time of network in congested and uncongested network for IEEE 802.11b/g/n and are shown in Figs. 10–12. The obtained experimental numerical values of RT for uncongested and congested IEEE 802.11b and IEEE 802.11g network with TCP and UDP traffic streams are plot- ted inFigs. 10 and 11(a, b), it is revealed that response time for TCP congested network is 2% and 3.04% more than that of TCP uncongested network and RT for the UDP congested net- work is 10.5% and 41% more than that of UDP uncongested network for IEEE 802b and IEEE 802.11g respectively. Secu- rity protocols in IEEE 802.11n followed similar trends as detailed for throughput in Section8.1. From the experimental results plotted inFig. 12(a, b) it is depicted that average RT increased by about 2.02% for security protocols P1, 4–9in the TCP congested network as compared to the TCP uncongested Figure 5 Throughput for different packet lengths in IEEE 802.11b with (a) TCP congested (b) UDP congested.

Figure 6 Throughput for different packet lengths in IEEE 802.11g with (a) TCP congested, (b) UDP congested.

Figure 7 Throughput for different packet lengths in IEEE 802.11n with (a) TCP congested, (b) UDP congested.

network. For the UDP congested network RT is 40.2% more than in the UDP uncongested network for P_{1, 4–9}. It is found that RT for security protocols P2–3is highest in both congested and uncongested networks_.

8.2.3. Response time with TCP and UDP traffic streams Experiments are performed to study the impact of traffic streams on the response time of the secure wireless network in three WLAN standards IEEE 802.11b/g/n and the obtained experimental results are plotted in Fig. 13(a–c). In the con- gested network TCP response time is 3.2%, 5.9%, and 0.98% more than UDP averaged over the security layers P1–9in all IEEE 802.11b, IEEE 802.11g and IEEE 802.11n net- works respectively.

We have obtained RT values at different packet lengths in various network scenarios. Due to the space limitation we have not discussed here the results for analysis of the impact of packet length on RT. Average percentage variation in response time in all the network scenarios is presented inTable 9.

8.3. Encryption overheads in roaming scenario

Third set of experiments was performed to study the encryp- tion overheads incurred due to the implemented security pro- tocols in IEEE 802.11b/g/n WLAN standards in roaming network in different network scenarios. Overheads are evalu- ated in the manner as described in Section 5. The obtained experimental results are elaborated below:

8.3.1. Encryption overheads on the basis of applied security protocols

With an increase in complexity of the security algorithm, the number of computations also increases which further increase the associated overheads. In security protocols overheads are associated in encryption and decryption of information. From

the experimental analysis it is found that overheads are mini- mum for P₁and maximum for P₉. This is because P₁provides zero security and no encryption and decryption are performed whereas P₉ provides multilayer security including RADIUS server authentication which enhances the complexity of the security protocol and hence the associated overheads. It is observed that on taking the average over the security protocols P1–9overheads incurred are increased by 15.4% and 18.9% for IEEE 802.11b and IEEE 802.11g respectively as shown in Fig. 14. For IEEE 802.11n, EO for protocols P2-3

(WEP64/128) are very high. Average increase in EO for secu- rity protocols P1, 4–9is 11.3%.

8.3.2. Encryption overheads on the basis of congested and uncongested network

Experiments are performed to analyze the overheads associ- ated in congested and uncongested secure networks. The obtained experimental numerical values for uncongested and congested IEEE 802.11b/g network with TCP and UDP traffic streams are plotted inFigs. 15 and 16(a, b). It is revealed that overheads incurred with TCP congested network are 16.4%

and 22% more than that of the TCP uncongested network and EO for the UDP congested network is 41.7% and 14.2% more than that of the UDP uncongested network for IEEE 802.11b and IEEE 802.11g respectively. From the exper- imental results plotted inFig. 17(a, b) it is depicted that for IEEE 802.11n average EO increased by about 22.4% for secu- rity protocols P_{1, 4–9} in the TCP congested network as com- pared to the TCP uncongested network Fig. 17(a). For the UDP congested network RT is 28% more than in the UDP uncongested network for P_{1, 4–9}.

8.3.3. Encryption overheads with TCP and UDP traffic streams Experiments are performed to study the encryption overheads incurred due to different traffic streams in a secure wireless net- Figure 8 Impact of TCP and UDP traffic stream on throughput with uncongested and congested network (a) IEEE 802.11b, (b) IEEE 802.11g, (c) IEEE 802.11n.

work in three WLAN standards IEEE 802.11b/g/n and the obtained experimental results are plotted inFig. 18(a–c). Over- heads are more in TCP than in UDP only for P2and the over- heads incurred are 28.2% and 32.1% more in the UDP congested network for P3–9as compared to TCP traffic stream for IEEE 802.11b and IEEE 802.11g respectively. For IEEE 802.11n WLAN overheads are 11.9% more in TCP than in UDP for P2–5 and the overheads incurred are 3.7% more in the UDP congested network for P_6–9 as compared to the TCP traffic stream.

8.4. Frame loss

Another set of experiments is performed for the measurement of frame loss for all the three standards at different load val- ues. We have plotted percentage frame loss versus load only for four security protocols because similar observations are made for the rest of the security protocols. Load is varied from low to high values i.e. from congested to uncongested range.

Frame loss is calculated using Eq.(9). Following observations are made:

8.4.1. Frame loss in IEEE 802.11b/g/n WLAN

The experimental results presented inFigs. 19–24and numer- ical values shown in Tables 10–15 indicate that percentage frame loss increases with an increase in load for both TCP and UDP traffic stream. It is found that frame loss is less in the uncongested network and is very high in the congested net- work. Frame loss with UDP traffic stream is more than that of the TCP stream. Similar trends are observed in all the three WLAN standards IEEE 802.11b/g/n. Further it is revealed that FL increases with an increase in security strength.

8.5. Jitter

Experimental results are also obtained to study the impact of different security protocols on jitter in different network sce- narios. It is observed that different security implementations have no impact on jitter values in all the network scenarios.

It is found that for IEEE 802.11b jitter value varies from 0 to 2 ms. For IEEE 802.11g/n jitter is almost zero at the appli- cation layer and this value reaches 1 ms at enterprise security layers.

8.6. Performance analysis in the non-roaming scenario Experiments are performed to study the impact of imple- mented security protocols on the performance of WLAN in the non-roaming environment where the access point and cli- ent are in same domain. Results are obtained in a class of net- work scenarios similar to the scenarios used for the roaming network. It is observed that performance variations in the non-roaming network are similar to the roaming network in all the network scenarios but the performance degradation in the non-roaming network is less than that of the roaming net- work. Because of the similar trends followed by all the network scenarios for all the performance parameters we have pre- sented results only for throughput and response time. Further for numerical analysis, TCP congested and UDP congested Table8Percentagevariationofthroughputinasecurewirelessnetworkindifferentnetworkscenarios. DecreaseinTPwithincreaseincomplexityofsecuritypolicy(averagingoverallthesecurityprotocols) IEEE802.11bIEEE802.11gIEEE802.11n 2.36%1.36%1.31% IncreaseinTPofuncongestednetworkascomparedtothecongestednetwork(averagingoverallthesecurityprotocols) IEEE802.11bIEEE802.11gIEEE802.11n TCPUDPTCPUDPTCPUDP 1.7%10.5%2.7%41%2.01%47.2% IncreaseinTPwithUDPtrafficstreamascomparedtotheTCPstream(averagingoverallthesecurityprotocols) IEEE802.11bIEEE802.11gIEEE802.11n CongestedUncongestedCongestedUncongestedCongestedUncongested 2.9%11.6%6.01%42.8%4.4%44% IncreaseinTPwithanincreaseinpacketlength(averagingoverallthesecurityprotocols) TCPcongestedTCPuncongestedUDPcongestedUDPuncongested IEEE802.11bIEEE802.11gIEEE802.11nIEEE802.11bIEEE802.11gIEEE802.11nIEEE802.11bIEEE802.11gIEEE802.11nIEEE802.11bIEEE802.11gIEEE802.11n 4.01%1.2%1.3%3.1%4.3%2.1%4.1%2.6%2.4%2.02%3.5%2.5%

network with a packet length of 1000bytes are considered for all network scenarios. Throughput and response time values obtained from the experimental analysis of IEEE 802.11b/g/n WLAN standards depict that variations in throughput and response time for the non-roaming network are similar to the roaming network in all network scenarios. Throughput decreases and response time increases with an increase in secu- rity strength. Also a decrease in TP is more in the congested network as compared to the uncongested network whereas

response time increases with an increase in security strength.

Percentage decrease or increase in throughput and response time in different network scenarios is shown in Table 16.

The comparative analysis of performance degradation in both roaming and non-roaming scenarios is presented inTable 17.

From the above analysis it is found that different security layers behave differently in various network scenarios. Every layer has a different security strength and different perfor- mance impact in terms of throughput, response time, encryp- Figure 9 Impact of security protocols on response time.

Figure 10 Response time in roaming scenario for IEEE 802.11b uncongested and congested network for (a) TCP, (b) UDP.

Figure 11 Response time in roaming scenario IEEE 802.11g network for uncongested and congested (a) TCP, (b) UDP.

Figure 12 Response time in roaming scenario IEEE 802.11n network for (a) TCP uncongested and congested, (b) UDP uncongested and congested.